Commit graph

186 commits

Author SHA1 Message Date
Alessio Balsini
583ae3e55d FUSE-BPF: use both ro and persist properties
persist.sys.fuse.bpf.enable and ro.fuse.bpf.enabled are both used to
decide if FUSE-BPF must be enabled or not.
- ro.fuse.bpf.enabled is a read-only property that is set in the device
  makefile and would allow dogfooding devices to turn the feature
  on/off.
- persist.sys.fuse.bpf.enable is a system property that overrides
  ro.fuse.bpf.enabled and can only be set manually during the
  development to simplify the testing of FUSE-BPF, mostly to compare if
  those tests that are failing with FUSE-BPF were failing also without
  the feature.

Bug: 202785178
Test: adb logcat | grep "FuseDaemon" | grep BPF
Ignore-AOSP-First: FUSE-BPF is not available in AOSP
Signed-off-by: Alessio Balsini <balsini@google.com>
Change-Id: I23f9d27172907f6c72c73bea22e4a7e0ac643888
2022-03-23 19:57:28 +00:00
Treehugger Robot
2e0e0f7878 Merge "Remove unused function UnmountTreeWithPrefix()" am: 536beac4bd am: 5fdc4c764d am: 6036321541
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/2021355

Change-Id: I152aa95589c7bd1283c9449049ebaf0629eee769
2022-03-10 22:45:21 +00:00
Eric Biggers
b5f688aaeb Remove unused function UnmountTreeWithPrefix()
Change-Id: I6940498e4d6269dfcb78cab75bf56d1d545dd784
2022-03-10 20:31:51 +00:00
Mohammad Samiul Islam
b459591fd1 Create misc_ce and misc_de directories on /mnt/expand
We want to store sdk data on the same volume as app data. Since sdk data
is stored in misc_ce and misc_de directory, we need to ensure they exist
on adopted storage mounted at /mnt/expand/<volume-uuid>.

This CL creates `/mnt/expand/<volume-uuid>/misc_{ce,de}` directories
when disk is mouted and then when user storage is prepared, the sdk root
directory is created.

By having these directories, we can now move the sdk data to other
volume when app data is moved.

Bug: b/222034645
Test: atest SdkSandboxStorageHostTest (see ag/17120883)
Ignore-AOSP-First: End to end test added which exists in internal branch
    only. Will cherry-pick this CL to aosp standalone once it is safely
    merged to internal branch.
Change-Id: I0e73d9ce105abec4b77c378cde58aa7365258f01
2022-03-08 10:37:31 +00:00
Yurii Zubrytskyi
18eb877246 [vold] Check incremental paths before mounting
Vold was trusting system_server too much and allowed for pretty
much any path in mount()/bindMount() calls for incremental.
This CL adds validation to make sure it's only accessing own
directories. This includes enforcing no symlinks in the paths

Bug: 198657657
Bug: 216722132
Test: manual
Change-Id: I6035447f94ef44c4ae3294c3ae47de2d7210683a
Merged-In: I6035447f94ef44c4ae3294c3ae47de2d7210683a
2022-01-31 22:13:14 +00:00
Treehugger Robot
d6f405cd8d Merge "Add timeout for fsck on untrusted media" am: 313e8556a6 am: d00aa3ec08 am: da54b106a8
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1826726

Change-Id: Iae46a17c1754a0807627ea6110993f0154aeeda3
2022-01-26 09:42:00 +00:00
Treehugger Robot
313e8556a6 Merge "Add timeout for fsck on untrusted media" 2022-01-26 08:55:08 +00:00
Tao Wu
62a0bbbc08 Merge "Don't abort fuse connections for virtiofs." am: 09997fe28a am: a6e700b054 am: b99a9e4f21
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1437953

Change-Id: Ia2b11923b952b107c720dbeaca7aabd7facc6bde
2022-01-19 04:48:03 +00:00
Tao Wu
3d98962269 Don't abort fuse connections for virtiofs.
Android should only abort fuse connections for fuse fs. It shouldn't
touch fuse connections for virtiofs.

Bug: 162284193
Test: manual - Restart zygote, no 'Transport endpoint is not connected' error.
Change-Id: Ie3536734531404e98ad1b6594ab3c52e919b22b7
2022-01-18 18:33:52 -08:00
Yurii Zubrytskyi
b648eb229e Merge "[vold] Check incremental paths before mounting" into sc-v2-dev am: e0f8956247
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/vold/+/16177336

Change-Id: Ibe525fcda2d7ca0daac86c7d4cfde9deb55c6041
2021-11-03 19:12:44 +00:00
Yurii Zubrytskyi
40389820e2 [vold] Check incremental paths before mounting
Vold was trusting system_server too much and allowed for pretty
much any path in mount()/bindMount() calls for incremental.
This CL adds validation to make sure it's only accessing own
directories. This includes enforcing no symlinks in the paths

Ignore-AOSP-First: security fix
Bug: 198657657
Test: manual
Change-Id: I6035447f94ef44c4ae3294c3ae47de2d7210683a
Merged-In: I6035447f94ef44c4ae3294c3ae47de2d7210683a
2021-11-02 21:46:31 +00:00
Daniel Rosenberg
d9261b1f0b Add timeout for fsck on untrusted media
Certain setups of cards can take a long time to fsck.
This adds a timeout to avoid angering the watchdog

Bug: 195615825
Test: Mount removable storage with ~30K folders,
      obeserve timeout in logs
Change-Id: I8b6e2658cf7024645f976599851bbee0557745ca
2021-09-22 18:08:28 -07:00
Thiébaud Weksteen
ae8550fd20 Replace security_context_t type
security_context_t has been marked as deprecated in libselinux from
version 3.2. Update to the `char*` type.

Bug: 190808996
Test: m
Change-Id: I6f40e161251c79893d41e12c368715736578aacc
2021-09-10 10:54:19 +02:00
Alan Stokes
b2678b6654 Merge "Only kill apps with storage app data isolation enabled" 2021-05-05 14:16:00 +00:00
Eric Biggers
630fa5785e Merge "Log error message if setting project quota ID fails" am: 7505efbd5d am: 44df16de69 am: 1768a47b25
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1694189

Change-Id: If76a5f6341b8f21ed49e079e14bd67362fb35f7a
2021-05-04 16:58:24 +00:00
Eric Biggers
39aa9584b1 Log error message if setting project quota ID fails
Otherwise, the only sign of what went wrong may be system_server
logging a "ServiceSpecificException".

Bug: 187079978
Change-Id: I59b2ba2b0e679dfd1ec1fd8fff6790256fbfdf29
2021-05-03 12:39:36 -07:00
Ricky Wai
23356377ae Only kill apps with storage app data isolation enabled
Originally it kills all the apps with obb and data mounted.
Due to recent changes, all apps will have obb and data dirs mounted
in default root namespace. Hence all apps will be killed by
by KillProcessesWithMounts().

To fix this, we also check if the dir is mounted as tmpfs,
as the default namespace one is bind mounted to lowerfs,
which app data isolation is mounted as tmpfs, so we only
kill the process that have obb dir mounted as tmpfs.

Bug: 148049767
Test: Able to boot without warnings
Change-Id: I5f862ad6f64f5df739b68ea7c9815352bae3be5c
Merged-In: I45d9a63ed47cbc27aebb63357a43f51ad62275db
2021-04-30 13:58:07 +00:00
Ricky Wai
a58b535495 Only kill apps with storage app data isolation enabled
Originally it kills all the apps with obb and data mounted.
Due to recent changes, all apps will have obb and data dirs mounted
in default root namespace. Hence all apps will be killed by
by KillProcessesWithMounts().

To fix this, we also check if the dir is mounted as tmpfs,
as the default namespace one is bind mounted to lowerfs,
which app data isolation is mounted as tmpfs, so we only
kill the process that have obb dir mounted as tmpfs.

Bug: 148049767
Test: Able to boot without warnings / errors
Ignore-AOSP-First: Merge it along with other CLs, will cherry-pick to
AOSP afterwards.

Change-Id: I45d9a63ed47cbc27aebb63357a43f51ad62275db
2021-04-30 10:06:32 +01:00
Zim
75273001a2 Avoid killing the FUSE daemon during unmount
The FUSE daemon is often holding fds on behalf of other apps and if a
volume is ejected the daemon would often get killed first while vold
is walking /proc/<pid>/fd to kill pids with open fds on the
volume. This is required for the volume unmount successfully.

To mitigate this, we avoid killing the FUSE daemon during the usual
/proc walk. This ensures that we first send SIGINT, SIGTERM and
SIGKILL to other apps first. There is an additional SIGKILL attempt
and on that last attempt, we kill the FUSE daemon as a last resort

Test: Manual
Bug: 171673908
Change-Id: I100d2ce4cb4c145cbb49e0696842e97dfba2c1c9
2021-03-05 11:05:16 +00:00
Treehugger Robot
f6546171af Merge "Set a default ACL on /data/media/userId." 2021-03-02 09:25:52 +00:00
Martijn Coenen
5adf92a988 Set a default ACL on /data/media/userId.
This directory is used as a root for external storage on adopted storage
devices. It needs to be writable by processes holding the AID_MEDIA_RW
GID permission; in particular, it should be writable by the FUSE daemon.

On devices with sdcardfs, this was ensured automatically, because
sdcardfs presented a view of this directory that was writable, that we
could use for the FUSE daemon. But on devices without sdcardfs, the FUSE
daemon sees the raw filesystem and its permissions. This also means that
files created by the FUSE daemon will have their uid/gid set to the uid
of the FUSE daemon; to ensure these files stay writable to other system
applications that have AID_MEDIA_RW, use a default ACL to make sure the
gid stays AID_MEDIA_RW.

In particular, this fixes an issue with app cloning, where we want the
FUSE daemon of user 0 to be able to access the files of the app clone
user, and vice versa.

Bug: 154057120
Test: inspect uid/gid of /data/media/0 and contents
Change-Id: Ic5d63457ec917ea407b900dbb7773d89311780c6
2021-02-24 12:45:09 +01:00
Treehugger Robot
6c36c6f421 Merge changes from topic "fsync-fixes"
* changes:
  Add syncs when creating parent directories
  Sync parent directory in storeKeyAtomically()
  Move pathExists() to Utils.cpp
2021-02-19 19:23:47 +00:00
Dhiraj Jadhav
72005fd1e6 Revert "Revert "Revert "Set a default ACL on /data/media/userId."""
This reverts commit ea9681e4cd.

Reason for revert: storage Permission causing b/179362637 adb push to fail

Change-Id: Ibc1d8b5b685c22545b7e2d15de58059960b87e14
2021-02-18 04:57:03 +00:00
Eric Biggers
fec0c0e472 Add syncs when creating parent directories
vold creates some directories for storing encryption keys if they don't
already exist, potentially including parent directories:

    /metadata/vold/metadata_encryption
    /data/misc/vold/volume_keys/$volume_uuid
    /data/misc_de/$user/vold/volume_keys/$volume_uuid
    /data/misc_ce/$user/vold/volume_keys/$volume_uuid

Currently fs_mkdirs() is used for this.  However, fs_mkdirs() doesn't
include the fsync()s of the parent directories that are needed to ensure
that the new directories are persisted to disk right away -- which is
important for encryption keys.

Add a utility function MkdirsSync() which does what is needed, and make
the appropriate places call it.

Test: Booted and checked log for "Created directory" message.
      Also ran 'atest vold_tests' to run the new unit test.
Change-Id: Ie9917b616433080139b8db3fd6877203ee6faf77
2021-02-16 16:18:53 -08:00
Eric Biggers
3345a2a98c Sync parent directory in storeKeyAtomically()
When an FBE or metadata encryption key is created, it's important that
it be persisted to disk right away; otherwise the device may fail to
boot after an unclean shutdown.  storeKey() has the needed fsync()s.
However, storeKeyAtomically() doesn't, as it doesn't fsync() the parent
directory of key_path after it renames tmp_path to it.

Two callers do fsync() the parent directory themselves, but others
don't.  E.g., the metadata encryption key doesn't get properly synced.

Therefore, add the needed fsync() to storeKeyAtomically() so that it
gets done for everyone.

Also remove the now-unneeded fsync()s from the two callers that did it
themselves.

Change-Id: I342ebd94f0a3d2bf3a7a443c35b6bda0f12e1ab2
2021-02-16 16:05:38 -08:00
Eric Biggers
bd138dd08a Move pathExists() to Utils.cpp
This is useful as a general utility function.

Change-Id: Id43fc106dc6c544c6e4ce65f10c7d4246b99e54a
2021-02-16 16:05:38 -08:00
Martijn Coenen
ea9681e4cd Revert "Revert "Set a default ACL on /data/media/userId.""
This reverts commit b276e80aec.

Reason for revert: b/177926359 is now fixed

Change-Id: I8ec5d80a44fc9e491ab3430592e17d10a82f40ea
2021-02-01 07:57:02 +00:00
Martijn Coenen
b276e80aec Revert "Set a default ACL on /data/media/userId."
This reverts commit a71323ec0e.

Reason for revert: b/177926359 - note that this is a Google testing infrastructure issue, and no issue with this patch. Partners can keep using this patch. It will be resubmitted in a few weeks.

Change-Id: Ia13279ac1aafa2e4425c4527aeadd5d0fadbc2e4
2021-01-20 15:51:44 +00:00
Martijn Coenen
a71323ec0e Set a default ACL on /data/media/userId.
This directory is used as a root for external storage on adopted storage
devices. It needs to be writable by processes holding the AID_MEDIA_RW
GID permission; in particular, it should be writable by the FUSE daemon.

On devices with sdcardfs, this was ensured automatically, because
sdcardfs presented a view of this directory that was writable, that we
could use for the FUSE daemon. But on devices without sdcardfs, the FUSE
daemon sees the raw filesystem and its permissions. This also means that
files created by the FUSE daemon will have their uid/gid set to the uid
of the FUSE daemon; to ensure these files stay writable to other system
applications that have AID_MEDIA_RW, use a default ACL to make sure the
gid stays AID_MEDIA_RW.

In particular, this fixes an issue with app cloning, where we want the
FUSE daemon of user 0 to be able to access the files of the app clone
user, and vice versa.

Bug: 154057120
Test: inspect uid/gid of /data/media/0 and contents
Change-Id: Ib718b8362df84754ee3cac33865bca3c12df2e3a
2020-12-23 21:05:02 +00:00
Martijn Coenen
94d6c1275d Revert "Set a default ACL on /data/media/userId."
This reverts commit 8688eb4f47.

Reason for revert: Probably causing b/176240229

Change-Id: Id92d1f1589e8927f372960ec2cc5d262d10ad161
2020-12-23 19:14:15 +00:00
Martijn Coenen
8688eb4f47 Set a default ACL on /data/media/userId.
This directory is used as a root for external storage on adopted storage
devices. It needs to be writable by processes holding the AID_MEDIA_RW
GID permission; in particular, it should be writable by the FUSE daemon.

On devices with sdcardfs, this was ensured automatically, because
sdcardfs presented a view of this directory that was writable, that we
could use for the FUSE daemon. But on devices without sdcardfs, the FUSE
daemon sees the raw filesystem and its permissions. This also means that
files created by the FUSE daemon will have their uid/gid set to the uid
of the FUSE daemon; to ensure these files stay writable to other system
applications that have AID_MEDIA_RW, use a default ACL to make sure the
gid stays AID_MEDIA_RW.

In particular, this fixes an issue with app cloning, where we want the
FUSE daemon of user 0 to be able to access the files of the app clone
user, and vice versa.

Bug: 154057120
Test: inspect uid/gid of /data/media/0 and contents
Change-Id: I6dfae41f9cb6a8283978b2667b02708a000f07c0
2020-12-16 17:54:22 +01:00
Martijn Coenen
64b3bba52e Unmount pass_through path last.
There've been reports of issues where, when a volume is ejected, the
MediaProvider process gets killed. This happens because the
MediaProvider has a file open on the volume (eg, during a scan). We do
abort the scan when the volume is ejected, however this could take some
time. So, we give MediaProvider a bit more time before getting killed,
by only looking for files open on the pass_through paths last. This
order anyway seems to make more sense - ideally we kill apps using
external storage before we unmount the pass_through path underlying it.

Bug: 171367622
Test: atets AdoptableHostTest
Change-Id: Ie8eacaa72a80ff8161ecf1e8c0243afcd890ee39
2020-11-19 09:08:50 +01:00
Eric Biggers
f74373b177 KeyStorage: rework key upgrade handling
Remove the error-prone 'keepOld' parameter, and instead make begin()
(renamed to BeginKeymasterOp()) do all the key upgrade handling.

Don't handle /data and /metadata differently anymore.  Previously, when
a checkpoint is active, key blob files were replaced on /data
immediately; only the actual Keymaster key deletion was delayed until
checkpoint commit.  But it's easier to just delay the key blob file
replacement too, as we have to implement that for /metadata anyway.

Also be more vigilant about deleting any leftover upgraded keys.

Test: Tested on bramble using an OTA rvc-d1-release => master.  In OTA
      success case, verified via logcat that the keys were upgraded and
      then were committed after the boot succeeded.  In OTA failure
      case, verified that the device still boots -- i.e., the old keys
      weren't lost.  Verified that in either case, no
      keymaster_key_blob_upgraded files were left over.  Finally, also
      tried 'pm create-user' and 'pm remove-user' and verified via
      logcat that the Keymaster keys still get deleted.
Change-Id: Ic9c3e63e0bcae0c608fc79050ca4a1676b3852ee
2020-11-05 19:58:26 -08:00
Eric Biggers
7bcf427369 Utils: add IsDotOrDotDot() and use it in the appropriate places
Change-Id: I704522b26acfb3e7c423d9a14d69ede513b50482
2020-11-02 15:47:24 -08:00
Eric Biggers
f9d9ac29d0 Fix argument type for FS_IOC_GETFLAGS and FS_IOC_SETFLAGS
These ioctls take a pointer to an 'int' (or an 'unsigned int', it
doesn't matter), not an 'unsigned long'.  See 'man ioctl_iflags'.
Presumably it happened to work anyway because Android only runs on
little endian platforms.

Bug: 146419093
Bug: 163453310
Change-Id: I73099dafd4ee8d497c0a754149271871a37454f6
Signed-off-by: Eric Biggers <ebiggers@google.com>
2020-10-28 04:48:09 +00:00
Daniel Rosenberg
cc874804dd Set media folder +F for adopted storage as well
We previously only set +F for /data/media, but adopted storage needs
this as well. Instead we add support for adding attrs to PrepareDir.

Bug: 163453310
Test: sm set-virtual-disk true
      follow UI setup and confirm +F on /mnt/expand/*/media
Change-Id: I08f13b57a4de3538e88b38eb95b0ac115a5a5ce8
Merged-In: I08f13b57a4de3538e88b38eb95b0ac115a5a5ce8
2020-10-20 18:55:54 -07:00
Martijn Coenen
a485006ab1 Configure backing device max_ratio for FUSE filesystems.
By default FUSE filesystems have a max_ratio of 1%, meaning only 1% of
dirty pages on the system can belong to a FUSE filesystem before we
start writing back pages (and throttling, if writeback can't keep up).
This limit is useful for untrusted filesystems, but in our case, we
trust the FUSE filesystem. Since FUSE writes result in writes to the
lower filesystem, FUSE should take at most 50%. Let's start with
changing max_ratio to 40%, to avoid needless throttling.

Bug: 159254170
Bug: 159770752
Test: inspect /sys/class/bdi manually after boot
Change-Id: I467e3770fc4afba0a08fa480c0b86aa054c8b875
2020-06-30 10:16:55 +02:00
Nikita Ioffe
bcd7d5e7ce Merge "Configure read ahead for fuse mounts" into rvc-dev 2020-06-17 16:37:37 +00:00
Nikita Ioffe
dcee5c1d21 Configure read ahead for fuse mounts
For fuse read ahead can be configured by writing a value to the
/sys/class/bdi/{MAJOR}:{MINOR}/read_ahead_kb file.

There are several different ways of getting {MAJOR}:{MINOR} values of
the filesystem:

* Look at st_dev of stat("/mnt/user/0/emulated").
* Parse /proc/self/mountinfo.

Stat'ing approach is used since it's easier to implement.

Bug: 157982297
Test: atest vold_tests
Test: adb shell cat /proc/self/mountinfo to get MAJOR:MINOR
Test: adb shell cat /sys/class/bdi/{MAJOR}:{MINOR}/read_ahead_kb
Test: created public volume, checked it's read_ahead_kb is also 256
Change-Id: Id0c149c4af1ceabf3afc33b4100563a512b38316
2020-06-17 15:58:25 +01:00
Martijn Coenen
1129b81071 Add app's own UID to the default ACL.
On devices without sdcardfs, /Android/data/com.foo and
/Android/obb/com.foo can be written by other processes (eg installers);
in those cases, file ownership may be wrong. To ensure that the original
app always has access to the files contained in this directory, add a
group to the default ACL that matches the UID of the app. Since all apps
have their own UID also as their group ID, this ensures that things keep
working correctly.

Bug: 157530951
Test: atest
android.appsecurity.cts.ExternalStorageHostTest#testExternalStorageUnsharedObb
Change-Id: I829a2a7c7b578a8328643f38681e68796adcd6b2

Change-Id: Ibbc333fb395507363830dfcf5dc6f1cfd55f008d
2020-06-16 15:16:18 +02:00
Martijn Coenen
23c0445355 vold: Support aborting FUSE connections.
This can be done through binder as well as vdc, using 'vdc volume
abort_fuse'.

Bug: 153411204
Test: adb shell vdc volume abort_fuse
Change-Id: I93e46dc1cd361729cc1162c63520cf73152ea409
2020-05-28 16:07:16 +02:00
Daniel Rosenberg
f36bdddc7e Move enabling sdcardfs behind a property
This allows devices that have sdcardfs enabled in the kernel to not use
it. When external_storage.sdcardfs.enabled=0, sdcardfs will not be
mounted. This is treated as default true to not affect upgrading
devices. It does not use the old ro.sys.sdcardfs as that has been
repurposed over time and no longer can be relied on to turn off
sdcardfs. This is included within emulated_storage.mk

Bug: 155222498
Test: mount|grep "type sdcardfs" should find nothing after boot complete
      if external_storage.sdcardfs.enabled=0
Change-Id: I23d75fb1225aeabbcb1a035ad62fd042b6b3c7b5
2020-05-19 22:11:49 -07:00
Alistair Delva
ff1fc9bc41 Expand virtio_block check to other virtual devices
The Android Emulator isn't the only virtual device the virtio-block
detection code is useful for, and those platforms might not set any
discriminating properties to indicate that they are virtual.

Rework the virtio-block major detection to use /proc/devices instead
of hardcoding the assumption that any virtual platform can have
virtio-block at any experimental major; the new code permits only the
exact experimental major assigned to virtio-block.

The new code runs everywhere, but it will only run once and could be
expanded later to detect dynamic or experimental majors.

Bug: 156286088
Change-Id: Ieae805d08fddd0124a397636f04d99194a9ef7e5
2020-05-15 17:00:44 -07:00
Martijn Coenen
9171fcc984 Only set quota project ID inheritance on app-private dirs.
Previously every directory on external storage had project ID quota
inheritance enabled; this means that if any new file/directory is
created under such a directory, it will inherit the project ID from the
parent. We use a default project ID of 1000 for generic directories, and
application-specific project IDs for app-specific directories.

MediaProvider is responsible for updating the quota type in the generic
directories, as it scans all files there. However, there is a problem
with this approach: if you move a file to a directory with project ID
inheritance set, and the project ID of that file differs from the
project ID of the dir, that results in an EXDEV error, and requires a
copy instead. For example, if /sdcard/DCIM/test.jpg has a project ID of
1003 (for images), and you try to move it to /sdcard/Pictures/test.jpg,
that would require a copy, because the project ID of /sdcard/Pictures is
1000.

While this is not a very common scenario, it's still better to avoid it.
Luckily we can - since MediaProvider anyway scans all files, it will set
the project ID on individual files correctly - there's no need to
inherit them.

We then only need to inherit quota in application-specific directories,
since in those directories the app can create files itself, and those
need to be tagged correctly.

This change enables that, by removing quota inheritance setting from the
top-level directory, and instead doing it for app-specific directories
instead.

Bug: 151078664
Test: atest StorageHostTest
      atest com.android.tests.fused.host.FuseDaemonHostTest#testRenameAndReplaceFile
Change-Id: I38a057ec61cb627e39a3ff7ac58c7218dc251bdc
2020-03-11 11:51:45 +01:00
Martijn Coenen
6a4d95d08e Merge "Switch to new project ID constants." 2020-02-20 08:58:56 +00:00
Martijn Coenen
aee40511ae Switch to new project ID constants.
Use new constants, instead of reusing previous sdcardfs values.

Bug: 146419093
Test: lsattr -pR
Change-Id: I7409d86cac5360e125e843cc79f3c5f41d74dd1e
2020-02-20 00:39:05 +01:00
Ricky Wai
879b9c0a59 Merge "Mount direct boot apps obb dir after fuse is ready." 2020-02-19 19:42:13 +00:00
Ricky Wai
07e64a4cea Mount direct boot apps obb dir after fuse is ready.
- Remove bind mounting Android/ code as we want to bind mount obb dir
for each process instead.
- Set property "vold.vold.fuse_running_users" as an array of user id
for which fuse is ready to use.
- After fuse is ready for a user, fork a background process in vold
to bind mount all direct boot apps for that user so its direct boot
apps obb dir will be mounted to lower fs for imporoved performance.

Bug: 148049767
Bug: 137890172
Test: After flag is enabled, AdoptableHostTest still pass.
Change-Id: I90079fbeed1c91f9780ca71e37b0012884680b7c
2020-02-19 16:45:07 +00:00
Martijn Coenen
816f4d94f6 Add fixupAppDir() API.
This can be used to fixup application directories in case they have been
created by some other entity besides vold; the main use case for this
API right now is OBB directories, which can be created by installers
outside of vold; on devices without sdcardfs, such directories and the
files contained therein are not setup correctly. This API will make sure
everything is setup the way it needs to be setup.

Bug: 146419093
Test: inspect OBB dir after install
Change-Id: I2e35b7ac2992dbb21cc950e53651ffc07cfca907
2020-02-19 12:11:34 +01:00
Martijn Coenen
442bb83828 Set a default ACL on the top-level OBB directory.
Since installers can create directories in Android/obb, make sure those
directories end up with the correct ACL bits as well.

Bug: 146419093
Test: inspect filesystem manually
Change-Id: I211e921197560a40599938463f3171a0ff92d9aa
2020-02-18 15:24:26 +01:00